A collaborative network is a network with sufficient security mechanism such that each device connected to the collaborative network may be trusted by each of the other devices connected to the collaborative network. The level of security required to obtain such trust may vary from deployment to deployment. To participate in the collaborative network, a communication device may maintain a security association of sufficient strength with at least one other communication device in the collaborative network. The strength of the security association can be considered sufficient when each of these devices conforms to a predefined security policy. For example, the security policy may specify devices can only collaborate with each other if they are under the control of a single user. Another example, a device may join a collaborative network if the network security implemented by the device uses FIPS specified cryptographic algorithms. Communication devices in the collaborative network may share resources with each other due to the trust provided by the security associations between the devices participating in the collaborative network, and communication devices in the collaborative network may treat each other like separate processors on a multiprocessor system. Typically all the communication devices in a collaborative network are under the control of a single user. Accordingly, the communication devices associated with a single user may be organized into a collaborative and secured local or personal area network (PAN) around the single user.
The collaborative network may be established by using a pairing protocol. Example of these protocols may include but are not limited to protocols over wireless communication links (e.g. Near Field Communication (NFC), Bluetooth, WiFi, LTE, etc.), but also to wired communication link (e.g. LAN, WAN, etc.) During a pairing process, when the separation between the communication devices being paired is within a predefined distance, the communication devices may establish a security association, for example, by exchanging authentication keys or other credentials via a near field communication (NFC) interface. It is well known that a credential may include a digital certificate, an identity assertion, or a PIN, password, or other shared secret. The term “authentication key” as used herein, is considered to include any data, key or credential that is used to establish a security association between two or more nodes. It is well known that in addition to authentication keys, other types of keys are used to protect data from modification or eavesdropping. These are some times known as encryption key. As used herein, the term key (when unqualified by the word “authentication”) refers to both authentication keys as well as encryption keys. The authentication key exchanges may be through in-band or out-of-band channels, meaning that the key or credential exchange may occur on the same link that will be used for the collaborative network or on a different link. Subsequent to exchanging the authentication keys, the communication devices may also become paired according to a pairing standard such as Bluetooth. In addition to being paired according to a pairing standard, the communication devices may also perform certificate based authentication, wherein the communications devices may exchange digital certificates. The certificates may include attributes indicating specific domain, policy and/or role associated with the devices.
Each communication device in the collaborative network may include a set of security features. Non-limiting examples of these features may include the following list; access to a Hardware Security Module (HSM), ability to perform cryptographic operations (e.g. encryption, decryption, producing digital signature, verifying digital signature) using a specialized set of cryptographic algorithms (e.g. Suite B algorithms), access to a secured time source, ability to provide secured and tamper proofed data protection and storage). When these communication devices are equipped with an HSM and capable of performing one or more of the additional listed security features these devices are referred to herein as high assurance devices. The specialized set of encryption/cryptographic algorithms, data protection, and storage features included in high assurance devices are referred to herein as being at or above a predefined threshold. When a device performs certain network transactions, such as authentication, using the HSM or the specialized set of cryptographic functions described above, the transaction is said to be occurring at a high assurance level. For example, when a device uses the HSM or the specialized cryptographic functions to perform authentication, the device is said to be performing high assurance authentication. On the other hand, communication devices in the collaborative network that do not support the specialized set of encryption/cryptographic algorithms, data protection, and storage features that are present in a high-assurance device are referred to herein as low assurance devices. A non-limiting example of a high assurance device may include a portable radio that interfaces with a hardware security module (HSM). The HSM is a physical, tamper resistant, computing device that is configured to safeguard and manage digital keys for authentication and provide cryptographic processing such as encryption, decryption, digital signing, and digital signature verification. A communications device may have an HSM that permanently built into the communications device, such as is the case when an HSM chip that is soldered onto the communications device mother board, or when the HSM is built into the communications device microprocessor. The HSM may also be external to the communications device, for example, when the communications devices is able to access the HSM via a secured network, or when the HSM is a plug-in card or an external device that attaches directly to a communication device. Another non-limiting example of a high assurance device may be a communication device with a smart card that can execute Suite B cryptographic algorithms using 384-bit or 512-bit elliptic curve cryptography (ECC) algorithms and Advanced Encryption Standard (AES) AES-256 and that can perform robust authentication. Non-limiting examples of low assurance devices may include personal devices such as a consumer-grade cellphone, smartphone, personal digital assistance, or digital glasses. It is unlikely and uneconomical for a low assurance device to include, for example, its own HSM. Nevertheless, there may be a need to conduct high assurance transactions on applications being executed on the low assurance device.
One goal of a collaborative network is for the communication devices in the network to share resources in order to fulfill requests made by the user. For example, the communication devices in the PAN may share wireless interfaces and storage. It may also be desirable to have the communication devices share security features. For example, it may be desirable to have a low assurance device in a collaborative network access an HSM associated with a high assurance device in the collaborative network. In so doing, the user may be enabled to access an application or services requiring high assurance authentication, via the high assurance device associated with the HSM, and the user may use credentials stored on the HSM when accessing the application or services from the low assurance device. In another example, it may also be desirable to have a low assurance device in the collaborative network stores its login credentials on the HSM of a high assurance device.
Accordingly, there is a need for an apparatus and method for sharing a security module in a collaborative network. The term security module may refer to a hardware security module (HSM) or to software security module, preforming the same or similar functions.
Skilled artisans will appreciate that elements in the figures are illustrated for simplicity and clarity and have not necessarily been drawn to scale. For example, the dimensions of some of the elements in the figures may be exaggerated relative to other elements to help to improve understanding of embodiments of the present invention.
The apparatus and method components have been represented where appropriate by conventional symbols in the drawings, showing only those specific details that are pertinent to understanding the embodiments of the present invention so as not to obscure the disclosure with details that will be readily apparent to those of ordinary skill in the art having the benefit of the description herein.